* Now an array to disable with granularity
* Fixed all CSRF tokens back to 1 min
* Added CSRF protection for unlock account
* Unified error message for all csrf tokens
* Fixed a few issues with last commit
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* [ADDED] Use curl instead of fopen
* [ADDED] Error handling for various connection issues
* [MOVED] jsonRPC library into lib folder
* [UPDATED] Pools page for proper RPC errors with caching enabled
It's using the base RPC class but modified to support CURL. Simplified
some code since we won't need those features. Should make maintaining
that code a whole lot easier.
Fixes#1343 once merged.
* Using lower time range for shares: 120 seconds
* Updated worker class with new time range for active workers
* Added statistics, active users call with 120 seconds time range
* Updated admin panel dashboard template
Fixes#1352 once merged.
* Removed support page templates
* Changed navigation to contact
* Modified contact form behaviour on enable/disable events
This fixes#1300. It wasn't clear which templates needed to be edited
for the contact form to work.
* Check DB structure version, config file version and MPOS core version
* Added new Admin Dashboard to show this core information
* Cronjobs will be disabled if SQL files are not imported
* SQL files must re-set the db_upgrade_required setting
* Cronjobs will disabled if config files are not updated
* Simple config file update and version string update will fix this
* Added MPOS status overview
* Cronjobs and Wallet information for now, others may be added later
* Added new navigation link for Admin Panel Dashboard
* Added new version file
* Will require updates whenever DB or configs are updated
* Update SQL file that adds the DB_VERSION setting
This will address #1242 and already includes a huge chunk of changes
required to make this work.
* Added new token type: account_unlock
* Added update SQL File
* Updated base structure with new token type
* Added empty template
* Updated user class to send mail on failed passwords
* Added unlock account page to use tokens
Addresses #670
* Added new SQL file to update tokentypes table
* Added new function to base class
* Renamed function in base class used in shares class
* Added new error code
* Added new cronjob to delete expired tokens
* Added new cronjob to run-cron scripts and monitoring page
* Added new function to tokentype class
* Added new function to token class
Will address #1181 once merged.
Splitting dashboard calls up instead of using one single API call:
* Use getuserbalance for Balance updates
* Use getuserworkers for Worker updates
For those and potential other SQL intensive Ajax calls I have added a
long ajax refresh interval setting. It can be set via admin panel and
will change the refresh time on the JS file on the dashboard for those
two calls.
Should help a bit with high worker and transaction volume pools.
Address #1159
Adds pagination support for the admin panel pool workers page. Will
greatly increase loading times of this page if working as intended.
Fixes another part of #1043.
This will add pagination and user filters to the Admin Panel User
Information page.
* Added various filter methods (combined with AND in SQL)
* Added pagination and limits to fetch only matching users
This will greatly increase efficiency on larger pools
Fixes#1043 once merged.
* Added new admin options: disable_navbar and disable_navbar_api
* Removes LIVE STATS from navigation list
* Removes live updates on Pool General Statistics page
* Added system load checks to getnavbardata API call
This will help to decrease load on high-volume servers at the cost of
losing live status.
Fixes#1014 once merged.
This will improve loading times on large transaction tables. Thanks
@feeleep75 for helping with this one.
* Do not use SQL_CALC_NUM_ROWS since it will do a full table scan
* Allow admins to disable account transaction summaries to speed up page
loads on large tables
* added new admin setting under system to Disable TX Summaries
Fixes#1065 once merged
* Merge manual and auto-payout into single cronjob
* Update template/code to reflect single payout cron
* Update monitoring page
* Update disable payouts option in admin panel settings
* Update account payout page to use new option
This will fix#967 once merged.
This will allow admins to hide the actual username/author from their newsposts.
Useful if you don't wish to give your admin account away or in case you
have no admin-only account.
This will lock a user account if a password or PIN has been entered
wrong for multiple times in a row. When unlocking the account via admin
panel, both counters are reset so the user can log in again.
This should fix issues with brute force attacks to access user accounts.
Please see configuration dist file for new config options.
Please import SQL upgrade 007 to add new column to user accounts table.
Addresses #670 and should be merged once tested.
Adds some additional wallet infos to the wallet info page in the admin
panel. Specifically the errors output might be interesting for users not
checking their RPC regularly for mandatory updates.
Fixes#912 once merged.
This will suspend any dashboard updates if the system load exceeds a
configurable threshold. Graphs will not update until the system load is
again below the threshold.
See dist config for new option.
Should help those pools suffering from too many live update users.
Allows pools to disable the dashboard and dashboard API completely.
Useful if you are not running a master/load(/load/load) setup to deal
with frequent live queries.
Fixes#876 once merged.
